From: "Henk Laracker" <Henk.Laracker(a)planonsoftware.com>
To: keycloak-user(a)lists.jboss.org
Cc: "Mark Bertels" <Mark.Bertels(a)planonsoftware.com>
Sent: Thursday, 28 May, 2015 12:01:47 PM
Subject: [keycloak-user] Cors not working Final 1.2
Hi,
CORS headers are missing during the login procedure of Keycloak.
===============================
Step 1 - Prepare keycloak realm:
===============================
Create a simple Keycloak realm for testing.
===============================
Step 2 - Create a user
===============================
Add a user and a client to the realm
The client should be configured as follows:
Client Protocol openid-connect
Access Type public
Valid redirect uri's:
http://localhost/*
http://localhost
Web origins:
http://localhost/*
http://localhost
===============================
Step 3 - Create test application on tomcat
===============================
On a given tomcat server (I'm using localhost for this example) add 2 web applications:
app1 with a simple index.html
cors with a simple test.txt with the content "Some data"
The following URLs are now available:
http://localhost/app1/index.html
http://localhost/cors/test.txt
In http://localhost/app1/index.html create JavaScript which loads data from http://localhost/cors/test.txt
If you go to http://localhost/app1/index.html now, a GET will be performed to http://localhost/cors/test.txt and the data is displayed.
===============================
Step 4 - Adding keycloak to the applications
===============================
Add keycloak configuration on "app1".
Add keycloak configuration on "cors"
Additionally, add
"enable-cors": "true"
to the json file.
===============================
Step 5 - Log in to app1
===============================
If you log in to app1 in a new browser, the data from app "cors" will not be loaded. The following error will be displayed in the console of your browser (using Chrome):
XMLHttpRequest cannot load
http://localhost-auth:8080/auth/realms/test/protocol/openid-connect/auth?....
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost' is therefore not allowed access.
This request to "/protocol/openid-connect/auth" makes no sense to me. How are
you invoking this? Can you include the source for index.html?
If it loaded the data, make sure that you're logged out, or try it in private
browsing mode.
===============================
Expected result
===============================
We expected "Access-Control-Allow-Origin" to be set to the "Web origins", allowing for cross-application requests without editing existing applications.
Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement,
Henk Laracker